Vulnerability Description
Untrusted search path vulnerability in Measuresoft ScadaPro Client before 4.0.0 and ScadaPro Server before 4.0.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Measuresoft | ScadaPro Client | <= 3.3.1 |
| Measuresoft | ScadaPro Server | <= 3.3.1 |
References
- http://www.measuresoft.net/downloads/Measuresoft%20SCADA%204.4.6/issue_disks/Cli
- http://www.measuresoft.net/downloads/Measuresoft%20SCADA%204.4.6/issue_disks/Ser
- http://www.us-cert.gov/control_systems/pdf/ICSA-12-145-01.pdf (US Government Resource)
FAQ
What is CVE-2012-1824?
CVE-2012-1824 is a vulnerability with a CVSS score of 7.2 (HIGH). Untrusted search path vulnerability in Measuresoft ScadaPro Client before 4.0.0 and ScadaPro Server before 4.0.0 allows local users to gain privileges via a Trojan horse DLL in the current working dir...
How severe is CVE-2012-1824?
CVE-2012-1824 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2012-1824?
Check the references section above for vendor advisories and patch information. Affected products include: Measuresoft ScadaPro Client, Measuresoft ScadaPro Server.